Home > Others

RING0 traversing threads based on Ethread

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Ntdll!_ethread
+0x000 TCB: _kthread
+0x200 createtime: _large_integer 0xff58b008
+0x208 exittime: _large_integer 0x400000 ' 91334e00
+0x208 keyedwaitchain: _list_entry [0x91334e00-0x400000]
+0x210 exitstatus:800443912//Not 0 indicates end of thread
+0x214 postblocklist: _list_entry [0x0-0x0]
+0x214 Forwardlinkshadow: (NULL)
+0x218 startaddress: (NULL)
+0x21c terminationport:0x0000002c _termination_port
+0x21c reaperlink:0x0000002c _ethread
+0x21c keyedwaitvalue:0x0000002c
+0x220 activetimerlistlock:0x590
+0x224 activetimerlisthead: _list_entry [0x0-0x0]
+0x22c Cid: _client_id
+0x234 Keyedwaitsemaphore: _ksemaphore
+0x234 Alpcwaitsemaphore: _ksemaphore
+0x248 clientsecurity: _ps_client_security_context
+0x24c irplist: _list_entry [0x4f6c3056-0x4a4a544c]
+0x254 toplevelirp:0x4268554e
+0x258 devicetoverify:0x0200564f _device_object
+0X25C CPUQUOTAAPC: (NULL)
+0x260 win32startaddress: (NULL)
+0x264 Legacypowerobject: (NULL)
+0x268 threadlistentry: _list_entry [0X89540D40-0X86AF3CC8] This piece is eprocess threadlisthead
+0x270 Rundownprotect: _ex_rundown_ref
+0x274 Threadlock: _ex_push_lock
+0x278 readclustersize:1
+0x27c mmlockordering:1511391236
+0x280 Crossthreadflags:3
+0x280 terminated:0y1
+0x280 threadinserted:0y1
+0x280 hidefromdebugger:0y0
+0x280 activeimpersonationinfo:0y0
+0x280 reserved:0y0
+0x280 harderrorsaredisabled:0y0
+0x280 breakontermination:0y0
+0x280 skipcreationmsg:0y0
+0x280 skipterminationmsg:0y0
+0x280 copytokenonopen:0y0
+0x280 threadiopriority:0y000
+0x280 threadpagepriority:0y000
+0x280 rundownfail:0y0
+0x280 needsworkingsetaging:0y0
+0x284 samethreadpassiveflags:0
+0x284 activeexworker:0y0
+0x284 exworkercanwaituser:0y0
+0x284 memorymaker:0y0
+0x284 clonedthread:0y0
+0x284 keyedeventinuse:0y0
+0x284 rateapcstate:0y00
+0x284 selfterminate:0y0
+0x288 samethreadapcflags:0x7ffdd000
+0x288 spare:0y0
+0x288 startaddressinvalid:0y0
+0x288 etwpagefaultcalloutactive:0y0
+0x288 ownsprocessworkingsetexclusive:0y0
+0x288 ownsprocessworkingsetshared:0y0
+0x288 ownssystemcacheworkingsetexclusive:0y0
+0x288 ownssystemcacheworkingsetshared:0y0
+0x288 ownssessionworkingsetexclusive:0y0
+0x289 ownssessionworkingsetshared:0y0
+0x289 ownsprocessaddressspaceexclusive:0y0
+0x289 ownsprocessaddressspaceshared:0y0
+0x289 suppresssymbolload:0y0
+0x289 prefetching:0y1
+0x289 ownsdynamicmemoryshared:0y0
+0x289 ownschangecontrolareaexclusive:0y1
+0x289 ownschangecontrolareashared:0y1
+0x28a ownspagedpoolworkingsetexclusive:0y1
+0x28a ownspagedpoolworkingsetshared:0y0
+0x28a ownssystemptesworkingsetexclusive:0y1
+0x28a ownssystemptesworkingsetshared:0y1
+0x28a Trimtrigger:0y11
+0x28a Spare1:0y11
+0x28b priorityregionactive:0x7f '
+0x28c cachemanageractive:0 '
+0x28d disablepagefaultclustering:0 '
+0x28e activefaultcount:0 '
+0x28f lockorderstate:0 '
+0x290 alpcmessageid:1
+0x294 alpcmessage: (NULL)
+0x294 alpcreceiveattributeset:0
+0x298 alpcwaitlistentry: _list_entry [0x1-0x0]
+0x2a0 Cachemanagercount:0xce
+0X2A4 ioboostcount:0
+0x2a8 irplistlock:0x3c
+0X2AC reservedforsynchtracking: (NULL)
+0x2b0 Cmcallbacklisthead: _single_list_entry
+0X2B4 kernelstackreference:0

RING0 traversing threads based on Ethread

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
games based on movies find font based on image what is windows based on books based on video games redirect based on country wordpress copy files based on date what easter date based on

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More